Difference between revisions of "Secure Sockets Layer"
From Organic Design wiki
Line 5: | Line 5: | ||
Our convention is to keep all the certificates in ''/var/www/ssl'' along with the the SSL virtual host definition for the domain <noinclude>(see [[install a new server]] for details on Apache configuration)</noinclude>. First change the current directory to ''/var/www/ssl'' and create the certificate with the following command format. Ensure the '''common name''' (cn) is entered as a wildcard such as '''*.foo.com''' so that the certificate applies to all the sub-domains such as ''www.foo.com'' or ''webmail.foo.com'' etc. | Our convention is to keep all the certificates in ''/var/www/ssl'' along with the the SSL virtual host definition for the domain <noinclude>(see [[install a new server]] for details on Apache configuration)</noinclude>. First change the current directory to ''/var/www/ssl'' and create the certificate with the following command format. Ensure the '''common name''' (cn) is entered as a wildcard such as '''*.foo.com''' so that the certificate applies to all the sub-domains such as ''www.foo.com'' or ''webmail.foo.com'' etc. | ||
{{code|<pre> | {{code|<pre> | ||
− | openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout foo.com.key | + | openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout foo.com.key -out foo.com.csr |
</pre>}} | </pre>}} | ||
+ | |||
+ | This generates two files, the ''.csr'' is the request and the ''.key'' is the private key. | ||
Ensure that the resulting file is accessible by the web-server: | Ensure that the resulting file is accessible by the web-server: |
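Review bot: The added command still passes -x509, so "-out foo.com.csr" receives a self-signed certificate rather than a certificate request, and the new sentence "the ''.csr'' is the request" describes a file this command does not produce. If a request for a CA is intended, drop -x509 and "-days 3650"; if a self-signed certificate is intended, name the output foo.com.crt and describe it as the certificate. Two smaller points on the same lines: rsa:1024 is below the 2048-bit minimum that CAs and current clients accept, and because -nodes writes foo.com.key unencrypted, the unchanged "accessible by the web-server" sentence should now say which of the two files it means and that the key must not be world-readable.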
Revision as of 22:04, 23 April 2013
Secure Sockets Layer Organic Design procedure
Our convention is to keep all the certificates in /var/www/ssl along with the SSL virtual host definition for the domain (see install a new server for details on Apache configuration). First change the current directory to /var/www/ssl and create the certificate with the following command format. Ensure the common name (CN) is entered as a wildcard such as *.foo.com so that the certificate applies to all the sub-domains such as www.foo.com or webmail.foo.com.
This generates two files: the .csr is the request and the .key is the private key.
Ensure that the resulting file is accessible by the web-server:
Check the cert with this command:
The following output indicates the cert is working correctly
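
On the wildcard common name described in this procedure: the sketch below is an added example, not part of the Organic Design page, showing which hostnames a name such as *.foo.com covers under the strict matching rules TLS clients commonly apply (RFC 6125 section 6.4.3, without the optional partial-label wildcards). The function names and the host list are assumptions made for illustration.

```python
# Added example: which hostnames a wildcard certificate name covers.
# foo.com and its sub-domains are the page's placeholder names.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot and split it into labels."""
    return name.rstrip(".").lower().split(".")


def wildcard_covers(pattern, hostname):
    """Return True if certificate name `pattern` covers `hostname`.

    '*' is accepted only as the complete left-most label and stands for
    exactly one label, so it never matches the bare parent domain.
    """
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False                      # empty label: malformed name
    if any("*" in label for label in h):
        return False                      # hostnames never contain '*'
    if any("*" in label for label in p[1:]):
        return False                      # '*' outside the left-most label
    if len(p) != len(h):
        return False                      # '*' never spans several labels
    if p[0] == "*":
        # Policy assumption of this sketch: refuse '*.com'-style names.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False                      # partial wildcard such as 'w*'
    return p == h


def coverage(pattern, hostnames):
    """Map each hostname to whether `pattern` covers it."""
    return {host: wildcard_covers(pattern, host) for host in hostnames}


if __name__ == "__main__":
    # Constructed host list for illustration.
    hosts = ["www.foo.com", "webmail.foo.com", "foo.com", "a.b.foo.com"]
    for host, ok in coverage("*.foo.com", hosts).items():
        print(f"{host:20} {'covered' if ok else 'NOT covered'}")
```

The bare domain foo.com and deeper names such as a.b.foo.com are not covered by *.foo.com, so a site served on the bare domain needs that name listed in the certificate as well.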